Django 5.1.12 release notes

September 3, 2025

Django 5.1.12 fixes a security issue with severity «high» in 5.1.11.

CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases

FilteredRelation was subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.annotate() or QuerySet.alias().

« previous | up | next »